Hello,
anyone knows when it will be possible to create certificates for domains containing German Umlauts?
Kind Regards
Peter
1 Like
Let’s Encrypt has supported Internationalized Domain Names (IDN) since last fall.
As part of the IDN system, domains with non-ASCII characters such as umlauts are translated from their natural Unicode form by your browser and other client software to a special encoding called punycode. This punycode is what is actually used in the DNS, registered with your domain registrar, etc.
Most Let’s Encrypt clients require you to enter the punycode form of the domain as opposed to the unicode form. Even if a client accepted the unicode form, the certificate it gets for you would contain the punycode form, because that’s what matters to the underlying technology.
If you do not know the punycode form of your domain, you can convert it using https://www.punycoder.com
If you are using the punycode form of your domain and you’re still having trouble issuing for a domain containing an umlaut, please open a topic in the Help section of the forum and answer all of the questions in the template.
2 Likes
OK, thank you very much for your answer!
I agree that a built-in Unicode to Punycode conversion would be extremely helpful, though, whether it detects automatically or requires a switch.
1 Like
We had a bit of a debate about this for Certbot and we currently don't do it, based on the belief that web server configuration files don't allow the Unicode forms, so users will need the Punycode form anyway. If this isn't accurate, maybe we should revisit that question.
Maybe we should give a better error in this case by at least performing the encoding and telling the user what it would be (like "Error: The name wunderschön.de should be entered as xn--wunderschn-mcb.de") . However, if I remember correctly, the built-in Python language IDNA support does not implement the most current version of the specification, so we would probably then acquire an extra Python dependency for an up-to-date library, while Certbot is already criticized for having too many dependencies.
2 Likes
Certbot already indirectly depends on -- and certbot-auto installs -- the idna package, which implements IDNA2008. I think it's a dependency of cryptography and/or requests.
2 Likes
Whoops, really? We sure do have a lot of dependencies. 
In that case I think I will revisit at least giving people a more useful error message suggesting the correct Punycode form because it would be about three more lines of code.
3 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.